funsec mailing list archives
Zango spyware spreading with Facebook application
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 4 Jan 2008 03:37:11 +0200 (EET)
The first spyware spreading with Facebook application has been discovered.

Security company Fortinet reports that an application called Secret Crush is installing Zango (aka AdWare.Win32.180Solution) with Iframe.

This is the procedure:
"In opening the request, the recipient is informed that one of his/her friends has invited him/her to find out more information by using "Secret Crush"."

The text included to the request entry is "One of Your Friends Might Have a Crush on You!" providing normal 'Find Out Who!' and 'Ignore' buttons.

Advisory from Fortinet:
"Facebook Widget Installing Spyware"
http://www.fortiguardcenter.com/advisory/FGA-2007-16.html

SecuriTeam Blogs:
"My name is Zango, I am spyware and I found Facebook applications"
http://blogs.securiteam.com/?p=1056

At time of writing it's not known if AV vendors offering Zango protection have protection for this Static.ZangoCash.com download process too.

An interesting reference:
"When is a Facebook Really a MySpace?"
http://www.allfacebook.com/2008/01/when-is-a-facebook-really-a-myspace/
listing a very remarkable installation base :-(

Juha-Matti

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.